CVE-2026-23687
Last modified
CVE-2026-23687 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | SAP Basis | 700 |
| SAP | SAP Basis | 701 |
| SAP | SAP Basis | 702 |
| SAP | SAP Basis | 731 |
| SAP | SAP Basis | 740 |
| SAP | SAP Basis | 750 |
| SAP | SAP Basis | 751 |
| SAP | SAP Basis | 752 |
| SAP | SAP Basis | 753 |
| SAP | SAP Basis | 754 |
| SAP | SAP Basis | 755 |
| SAP | SAP Basis | 756 |
| SAP | SAP Basis | 757 |
| SAP | SAP Basis | 758 |
| SAP | SAP Basis | 804 |
| SAP | SAP Basis | 916 |
| SAP | SAP Basis | 917 |
| SAP | SAP Basis | 918 |
References
- https://me.sap.com/notes/3697567 (Permissions Required)
- https://url.sap/sapsecuritypatchday (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
